EUVD-2025-24632

Malicious code in bioql PyPI...

EUVD-2025-24631

Malicious code in bioql PyPI...

CVE-2025-43982

Shenzhen Tuoshi NR500-EA RG500UEAABxCOMSLICv3.4.2731.16.43 devices enable the SSH service by default. There is a hidden hard-coded root account that cannot be disabled in the GUI...

CVE-2025-43989

The /goform/formJsonAjaxReq POST endpoint of Shenzhen Tuoshi NR500-EA RG500UEAABxCOMSLICv3.4.2731.16.43 devices mishandles the settimesetting action with the ntpserver0 parameter, which is used in a system command. By setting a username=admin cookie bypassing normal session checks, an...

CVE-2025-43982

Shenzhen Tuoshi NR500-EA RG500UEAABxCOMSLICv3.4.2731.16.43 devices enable the SSH service by default. There is a hidden hard-coded root account that cannot be disabled in the GUI...

CVE-2025-43989

CVE-2025-43989 affects Shenzhen Tuoshi NR500-EA RG500UEAABxCOMSLIC firmware 3.4.2731.16.43. The /goform/formJsonAjaxReq POST endpoint mishandles set_timesetting with ntpserver0; setting a username=admin cookie bypasses session checks and allows an unauthenticated attacker to execute arbitrary OS ...

CVE-2025-43989

The /goform/formJsonAjaxReq POST endpoint of Shenzhen Tuoshi NR500-EA RG500UEAABxCOMSLICv3.4.2731.16.43 devices mishandles the settimesetting action with the ntpserver0 parameter, which is used in a system command. By setting a username=admin cookie bypassing normal session checks, an...

Tuoshi NR500-EA 安全漏洞

Tuoshi NR500-EA is a wireless router from Tuoshi China. A security vulnerability exists in Tuoshi NR500-EA RG500UEAABxCOMSLICv3.4.2731.16.43, which stems from the default enablement of SSH service and the presence of a hard-coded root account...

CVE-2025-43982

Shenzhen Tuoshi NR500-EA RG500UEAABxCOMSLICv3.4.2731.16.43 devices enable the SSH service by default. There is a hidden hard-coded root account that cannot be disabled in the GUI...

PT-2025-33067 · Unknown · Shenzhen Tuoshi Nr500-Ea +1

Name of the Vulnerable Software and Affected Versions: Shenzhen Tuoshi NR500-EA RG500UEAABxCOMSLIC version 3.4.2731.16.43 Description: Shenzhen Tuoshi NR500-EA RG500UEAABxCOMSLIC devices enable the SSH service by default. A hidden, hard-coded root account exists that cannot be disabled through th...

CVE-2025-43982

CVE-2025-43982 affects Shenzhen Tuoshi NR500-EA RG500UEAABxCOMSLIC devices (v3.4.2731.16.43). The underlying issue: SSH service is enabled by default and a hard-coded root account cannot be disabled via the GUI. Impact is described as high for confidentiality, integrity, and availability with net...

CVE-2024-48440

Shenzhen Tuoshi Network Communications Co.,Ltd 5G CPE Router NR500-EA RG500UEAABxCOMSLICv3.2.2543.12.18 was discovered to contain a command injection vulnerability via the component atcommand.asp...

Tuoshi NR500-EA 安全漏洞

Tuoshi NR500-EA is a wireless router from Tuoshi, China. A security vulnerability exists in Tuoshi NR500-EA version 3.2.2543.12.18, which stems from a privilege modification vulnerability that allows an attacker to access the SSH protocol without authentication...

CVE-2024-48440

The CVE-2024-48440 entry affects Shenzhen Tuoshi Network Communications Co.,Ltd 5G CPE Router NR500-EA (RG500UEAABxCOMSLICv3.2.2543.12.18) and is caused by a command injection vulnerability in the at_command.asp component. Public data lists CVSSv3.1 metrics: AV Adjacent, AC Low, PR None, UI None,...

PT-2024-33113 · Shenzhen Tuoshi Network Communications Co. · Nr500-Ea

Name of the Vulnerable Software and Affected Versions: Shenzhen Tuoshi Network Communications Co.,Ltd 5G CPE Router NR500-EA RG500UEAABxCOMSLIC version 3.2.2543.12.18 Description: The issue is related to incorrect access control, allowing attackers to access the SSH protocol without authenticatio...

Tuoshi NR500-EA 安全漏洞

Tuoshi NR500-EA is a wireless router from Tuoshi China. A security vulnerability exists in Tuoshi NR500-EA version 3.2.2543.12.18, which originates from a command injection vulnerability in the component atcommand.asp...